Remove referer check, this is unreliable. The header doesnt need te exist, or can be wrong

2012-07-03 17:53:09 +02:00 · 2012-07-03 17:53:09 +02:00 · 621b83df72
parent 9ea34cae43
commit 621b83df72
1 changed files with 0 additions and 15 deletions
--- a/lib/base.php
+++ b/lib/base.php
@ -330,21 +330,6 @@ class OC{

 		self::checkInstalled();
 		self::checkSSL();
-
-		// CSRF protection
-		if(isset($_SERVER['HTTP_REFERER'])) $referer=$_SERVER['HTTP_REFERER']; else $referer='';
-		$refererhost=parse_url($referer);
-		if(isset($refererhost['host'])) $refererhost=$refererhost['host']; else $refererhost='';
-		$server=OC_Helper::serverHost();
-		$serverhost=explode(':',$server);
-		$serverhost=$serverhost['0'];
-		if(!self::$CLI){
-			if(($_SERVER['REQUEST_METHOD']=='POST') and ($refererhost<>$serverhost)) {
-				$url = OC_Helper::serverProtocol().'://'.$server.OC::$WEBROOT.'/index.php';
-				header("Location: $url");
-				exit();
-			}
-		}
 		self::initSession();
 		self::initTemplateEngine();
 		self::checkUpgrade();